cbtech
asked on
Protecting branch office VPN's...
I am going to create a connection between our HQ and a branch office, I have done this in the past no problem. My question is, what can I do to stop any virus activity from flowing back over the VPN to HQ or vice-versa. All the machines have managed anti-virus and patch protection, I am throwing this senario out as a "what if". Anyways, is there a VPN product that does packet inspection of the VPN tunnels itself? I was going with sonicwall products, as cisco is too complex for our needs at this time. Any ideas?
Thanks in advance!
Thanks in advance!
The only thing that I have heard of that would allow you to do something like this is the cisco security agent.
Well, I'm no expert, but Googleing "packet inspection of VPN tunnel" got me a ton of info on the subject. Seems there are lots of products (router/firewalls) available now that support this.
Vaya con Dios,
CvD
Vaya con Dios,
CvD
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Look at the SnapGear line of products from CyberGuard. Real easy to configure and no user limits. http://www.snapgear.com
Configuring L2TP/IPSEC/PPTP VPN and IPSEC tunnel is a snap.
Regards
Configuring L2TP/IPSEC/PPTP VPN and IPSEC tunnel is a snap.
Regards
Looking at the comments sofar, go for my solution and decide for yourself.
There's a cool appliance called a Packetshaper which allows you to prioritise or drop taffic. It can see through IPSec and VPN's and even prioritise applications within Citrix sessions. It's very cool.
I also find it useful for giving a real-time status of traffic flow and have used it to monitor links to 200 sites by routing all traffic through our co-lo. I prefer to allow traffic to flow so that I can see whats on the wire. As soon as I spot ICMP or some known worm port getting hit, I can turn on monitoring to read which terminals it's coming from and determine exactly which site it's coming from. I'd prefer to get rid of any infections rather than contain them and let them continue to infect vulnerable clients/laptops on the local network.
Check it out:
http://www.packeteer.com/prod-sol/products/packetshaper.cfm
I've never been one to publicly endorse products, but this is a really cool box (and their tech support is very good compared to some)
I also find it useful for giving a real-time status of traffic flow and have used it to monitor links to 200 sites by routing all traffic through our co-lo. I prefer to allow traffic to flow so that I can see whats on the wire. As soon as I spot ICMP or some known worm port getting hit, I can turn on monitoring to read which terminals it's coming from and determine exactly which site it's coming from. I'd prefer to get rid of any infections rather than contain them and let them continue to infect vulnerable clients/laptops on the local network.
Check it out:
http://www.packeteer.com/prod-sol/products/packetshaper.cfm
I've never been one to publicly endorse products, but this is a really cool box (and their tech support is very good compared to some)